Microsoft Privacy Violations

  • Euro data watchdog has 'serious concerns' as to whether EU deals with Microsoft obey GDPR

    The way Windows 10 is configured is critical, and the report concludes that if the Timeline is disabled and telemetry set to the lowest level, there are "no high data protection risks resulting from the diagnostic data collection in Windows 10".

    The Dutch report on Office 365 is less positive, particularly with regard to Office mobile apps and Office Online, for which "five high data protection risks" are identified. "Until Microsoft takes measures to mitigate these risks, government organisations should refrain from using Office Online and the mobile Office apps included in Office 365 licence," it states. There is also advice that "in order to prevent continued vendor lock-in, government organisations are advised to conduct a pilot with alternative open-source productivity software". That said, if all recommended measures are followed, "there are no more known high data protection risks for data subjects related to the collection of data about the use of Microsoft Office 365 ProPlus", it concludes.

    In July 2019, the Dutch government published a "State of Play" memo [PDF] indicating that Microsoft had largely resolved the issues which prevented Office from meeting GDPR requirements. "Microsoft has now made the most urgent changes in accordance with the improvement plan. These were tested by SLM Microsoft Rijk in June 2019 and found to be in order," it says.

    This explains why the EDPS now states that the agreement forged between Microsoft and the Dutch government is a model for the rest of the EU. "The EDPS is of the opinion that such solutions should be extended not only to all public and private bodies in the EU, which is our short-term expectation, but also to individuals."

  • EU's Microsoft probe throws up 'serious concerns' over GDPR compliance

    "Though the investigation is still ongoing, preliminary results reveal serious concerns over the compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products and services," it said.

  • EU data watchdog raises concerns over Microsoft contracts

    Microsoft’s (MSFT.O) contracts with European Union institutions do not fully protect data in line with EU law, the European Data Protection Supervisor (EDPS) said in initial findings published on Monday.

    [...]

    The EU introduced new rules on data protection in 2018, known as GDPR, applicable to all companies operating in the bloc and designed to give individuals more control over their personal data and to create a more level playing field for businesses.

    “We are committed to helping our customers comply with GDPR, Regulation 2018/1725 and other applicable laws,” a Microsoft spokesman said.

    “We are in discussions with our customers in the EU institutions and will soon announce contractual changes that will address concerns such as those raised by the EDPS.”

    The EDPS has worked with the Dutch ministry of justice, which carried out risk assessments last June and found that public authorities in member states face similar issues.

    The two have since set up a forum designed to set up fair rules for public administrations.

    The EDPS said there is “significant scope” for improvement of contracts with powerful software developers and that contractual terms and technical safeguards agreed between the Dutch ministry and Microsoft were a positive step forwards.